Search for packages
| purl | pkg:composer/drupal/core@7.40.0 |
| Tags | Ghost |
| Next non-vulnerable version | 10.4.0-beta1 |
| Latest non-vulnerable version | 11.1.0-beta1 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-d5b5-6j54-aaas
Aliases: CVE-2016-3164 GHSA-836p-6p4j-35cg |
Open redirect via path manipulation Drupal might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on an error page, related to path manipulation. |
Affected by 0 other vulnerabilities. Affected by 84 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-dn1c-md6b-aaab
Aliases: CVE-2016-9451 GHSA-66gr-xrcf-8jpq |
URL Redirection to Untrusted Site (Open Redirect) Confirmation forms in Drupal make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors. |
Affected by 0 other vulnerabilities. Affected by 89 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 74 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-y9vf-63fm-aaad
Aliases: CVE-2016-3169 GHSA-q3p9-8728-wq7x |
Saving user accounts can sometimes grant the user all roles The User module in Drupal allows remote attackers to gain privileges by leveraging contributed or custom code that calls the `user_save` function with an explicit category and loads all roles into the array. |
Affected by 0 other vulnerabilities. Affected by 89 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||